(54) Network connection controlling method and system thereof



(57) An authentication checking server (101) makes user authentication checking when an access is made to an individual in-house server (103). A resource managing server (102) receives a resource request corresponding to the resource of the individual server (103), calculates the access right to the corresponding resource based on the resource request and the result of the authentication checking, and relays the calculated access right and the resource request to the individual server (103). Upon receipt of the access right and the resource request, the individual server transmits the resource as a mobile code. A client machine receives and executes the mobile code, whereby an encrypted access is made to the resource of the individual server included in an in-house network via the relay agent generated within the client machine.
Description



[0001] The present invention relates to a firewall technique for interconnecting the Internet and a LAN (Local Area Network), and for securely protecting the resources within the LAN while permitting accesses made from the Internet to the LAN.

[0002] Conventionally, a firewall was arranged with a packet filtering method or a filtering method as an application gateway. These methods are intended to determine whether or not to permit an access from an outside to an inside for each service.

[0003] With the firewall for protecting in-house resources from an illegal attack from outside when an in-house LAN is connected to the Internet, all accesses are prohibited by default, and only a particular individual access is permitted.

[0004] Therefore, with the current filtering method which respectively recognizes a service and a user as first and second standards, almost all network services become unavailable and even legal users cannot receive useful Internet services.
[0005] If network services are made available outside and inside a company depending on need in order to satisfy the recently diversified demands of in-house users, too many services are allowed to pass through the firewall. As a result, it becomes difficult to maintain security.

[0006] Additionally, using a remote access method, login to an in-house LAN machine is permitted after authentication checking is made. Accordingly, even a single attack can possibly cause serious damage.

[0007] As described above, with the conventional methods, if the number of services which can externally use in-house resources increases, the possibility that the in-house resources, which must be protected, can be exposed to danger becomes great.
[0008] This invention was developed in the above described background, and aims at significantly improving the degree of convenience of a firewall, and at securing a security level equivalent to that of a conventional technique by changing a filtering method.
[0009] The present invention assumes a network connection controlling method for interconnecting an external network (a network outside a company) and a local area network (a network inside a company).
[0010] In an embodiment of the invention, authentication checking is made for a user within an external network (a user of a client machine 301) when the user accesses the local area network (an authentication checking server 101).

[0011] Then, a resource request to access a resource within the local area network is received from the user based on the result of the authentication checking (a resource managing server 102).

[0012] Then, an access right to the resource within the local area network is calculated in terms of level or extent (categorised or graded) based on the resource request and the result of the authentication checking (the resource managing server 102).

[0013] As a result, an access to the resource is made based on the calculated access right (the resource managing server 102), e.g. to a calculated level of access.
[0014] Here, the accessed resource is transmitted as a mobile code to the client machine operated by the user. The client machine accesses the data within the resource by receiving and executing the mobile code.
[0015] In the above method, filtering is performed by recognizing a user and a service as first and second standards, so that it becomes possible to protect in-house resources from external attacks and to satisfy the diversified demands of in-house users in accordance with the respective policies for respective users, that is, all company employees are permitted to make any accesses by default, while external users are prohibited from making any accesses by default.
[0016] Additionally, a change is made from the conventional method for permitting login to a machine within an in-house network after authentication checking is made, to the method for externally transmitting only a requested in-house resource, thereby making the scale of damage which can possibly occur with a single attack less than that of a conventional technique.

[0017] More specifically, the distinction between text information such as electronic mail received within a company, multimedia information, etc., and the application program data of a system under development is not made, and they are defined to be in-house resources, whereby applications inside and outside the company can be linked and operate together.
[0018] As described above, in an embodiment of the invention, the degree of convenience of a firewall can be significantly improved by changing a filtering method, and moreover, the security mechanism is duplicated by checking user authentication and controlling each access to in-house resources, thereby ensuring the security level equivalent to that of a conventional technique.
[0019] Reference is made, by way of example, to the accompanying drawings in which:

Fig. 1 is a block diagram showing the configuration of a system according to a preferred embodiment of the present invention (No. 1);
Fig. 2 is a block diagram showing the configuration of the system according to the preferred embodiment of the present invention (No. 2);
Fig. 3 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 1);
Fig. 4 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 2);
Fig. 5 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 3);
Fig. 6 is a schematic diagram explaining the operations according to the preferred embodiment of the present invention (No. 4);
Fig. 7 shows the sequence for establishing a service between a client and a server;
Fig. 8 shows the procedure sequence at an update (in the case where there is almost no time difference between when a resource is received and when a rewrite operation is performed);
Fig. 9 shows the procedure sequence at an update (in the case where there is a time difference between when a resource is received and when a rewrite operation is performed);
Fig. 10 exemplifies a client application program;
Fig. 11 exemplifies a gate keeper program; and
Fig. 12 exemplifies a resource manager program.

[0020] Provided below is the explanation about the details of the preferred embodiment according to the present invention.

<Characteristics of the Preferred Embodiment According to the Present Invention>

[0021] This preferred embodiment is characterized in that filtering is performed by respectively recognizing a user and a service as first and second standards, so that it becomes possible to protect in-house resources from external attacks, and also to satisfy the diversified demands of in-house users in accordance with the respective policies for respective users, that is, company employees are permitted to make any accesses by default, while external users are prohibited from making any accesses by default.

[0022] Additionally, this preferred embodiment is characterized in that the scale of damage which can be possibly caused by a single attack can be made less than that of a conventional technique by changing the conventional method for permitting login to a machine included in an in-house network after authentication checking is made, to the method for transmitting only a requested in-house resource.

[0023] More specifically, according to this preferred embodiment, the distinction between in-house resources, for example, between text information such as electronic mail received within a company, multimedia information, etc., and the application program data of a system under development, is not made, and an application possessed inside the company is defined to be one of the in-house resources, whereby applications inside and outside the company can be linked and operate together.

[0024] As described above, according to this preferred embodiment, the degree of convenience of a firewall can be significantly improved by changing a filtering method, and additionally, the security mechanism is duplicated by checking user authentication and by controlling each access to in-house resources, thereby ensuring the security level equivalent to that of a conventional technique.

<Configuration of the Preferred Embodiment According to the Present Invention>

[0025] Fig. 1 is a block diagram showing the configuration of the system according to the preferred embodiment of the present invention.

[0026] An authentication checking server 101, which is arranged within an in-house network, comprises at least one service request port for receiving a plurality of types of service requests such as telnet, ftp, http, etc., and has a mechanism for checking user authentication. This server 101 is connected to the Internet via an ISP (Internet Service Provider) 104 included in an external network.

[0027] A resource managing server 102, which is arranged within the in-house network, has a capability for managing the resources within the in-house network, and has a mechanism for restricting an access right to each of the in-house resources depending on the attribute or the degree of reliability of a user. This server 102 is connected to the authentication checking server 101.

[0028] Note that the resource managing server 102 and the authentication checking server 101 may be directly connected as shown in Fig. 1, or may be connected via a packet filtering router 201 as shown in Fig. 2.

[0029] An individual server 103, which is arranged within the in-house network, provides a variety of services such as telnet, ftp, http, etc. This server 103 may be the same server as the resource managing server 102.


<Principle of the Operations According to the Preferred Embodiment of the Present Invention>

[0030] Provided next is the explanation about the principle of the operations of the configuration according to the above described preferred embodiment.

[0031] A user ID and an authentication password are registered to the authentication checking server 101 beforehand.

[0032] If a user ID is not registered to the authentication checking server 101, the corresponding user is recognized to be an external user.

[0033] A pass-phrase or a one-time password, etc., which are used by a public key encrypting system, can be adopted as the authentication password, while an electronic mail address is adopted as the user ID.
[0034] A user who desires to access an in-house resource makes a connection to the authentication checking server 101, and transmits a service request, the user ID, and the authentication password to the authentication checking server 101.

[0035] The authentication checking server 101 which has received the service request calculates the degree of reliability of the user by making a matching between the received user ID and authentication password and the registered user ID and authentication password.
[0036] The authentication checking server 101 then secures a port (socket) for the client machine as the preparation for accepting the resource request.

[0037] The client machine transmits the logical name of the in-house resource to the port as a resource request. The resource specification is made with a URL (Uniform or Universal Resource Locator).

[0038] The authentication checking server 101 transmits to the resource managing server 102 the resource request transmitted from the client machine and the degree of reliability of the user, which is calculated beforehand.

[0039] Upon receipt of the resource request and the degree of reliability of the user from the authentication checking server 101, the resource managing server 102 detects the individual server 103 which provides the specified in-house resource, according to the logical name of the in-house resource included in the resource request. Furthermore, the resource managing server 102 determines an access right to the requested in-house resource based on the degree of reliability of the user, which is received from the authentication checking server 101, transmits the resource request and the access right to the individual server 103, and requests the program code (mobile code) which provides the requested in-house resource.

[0040] The individual server 103 which receives the resource request and the access right from the resource managing server 102 generates the mobile code, and embeds a requested resource, a program for accessing the resource, individual settings such as the access right received from the resource managing server 102, a condensation code, the expiry date of the program, etc. in the generated mobile code. Then, the individual server 103 returns the mobile code to the resource managing server 102.
[0041] Upon receipt of the mobile code from the individual server 103, the resource managing server 102 returns it to the authentication checking server 101.
[0042] Upon receipt of the mobile code from the resource managing server 102, the authentication checking server 101 encrypts the mobile code by using the registered password (such as a public key, etc.) of the user who has issued the resource request, and returns the encrypted mobile code to the client machine which has issued the resource request.

[0043] The client machine which has received the encrypted mobile code extracts the secret key of the user with the pass-phrase that the user has transmitted to the authentication checking server 101 at the time of the authentication checking, decrypts the encrypted mobile code with the secret key, and executes the program of the mobile code. Consequently, the in-house resource requested by the user is reproduced on the client machine.



[0044] The in-house resource reproduced on the client machine rejects an access request which violates the access right by referencing the access right and the client identification code, which are embedded in the resource itself.

<Specific Operations According to the Preferred Embodiment of the Present Invention>

[0045] Sequentially provided below are the explanations about the specific operations according to the preferred embodiment of the present invention, by referring to the schematic diagrams explaining the operations shown in Figs. 3 through 6 and the sequences shown in Figs. 7 through 9.

[0046] The explanations to be provided below assume that the authentication checking by the authentication checking server 101 is made based on the public key encrypting system, a pass-phrase is used as the authentication password, and an electronic mail address is used as the user ID.

[0047] The authentication checking server 101 has a pair of the electronic mail address and the public key of a user as user information.

[0048] In the authentication checking server 101, a gate keeper 303, as shown in Fig. 3, which is a server program for making the authentication checking, leaves only an authentication checking port (socket) open. Whatever network service is used, the connection to this port is made when the authentication checking is made. The gate keeper 303 opens the above described port; for example, the program code shown in step 1 of Fig. 11 is executed.
[0049] If a user requests a network service within an in-house network by executing a client application 302 (Fig. 3) of a client machine 301, an authentication checking request is first issued from the client machine 301 to the authentication checking server 101 (S1 of Fig. 7). In this case, the client application 302 executes, for example, the program codes shown in steps 1 and 2 of Fig. 10. The authentication checking server 101 is specified in step 1, while the connection to the authentication checking server 101 is made in step 2.

[0050] If the connection to the authentication checking server 101 is successfully made, the user inputs his or her user ID and authentication password by using the window displayed on the client machine 301. The user ID is the electronic mail address of the user, while the authentication password is the pass-phrase used when the public and secret keys are generated.

[0051] Upon receipt of the user ID and the authentication password from the client machine 301, the gate keeper 303 included in the authentication checking server 101 decrypts the authentication password by using the public key of the user, and checks whether or not the received user ID is registered to a user database, which is not shown in Fig. 3 but is included in the authentication checking server 101, and whether or not the received authentication password matches any authentication password stored in the user database, if the user ID is registered (S2 of Fig. 7). In this case, the gate keeper 303 executes, for example, the program codes shown in steps 2 and 3 of Fig. 11. The process for receiving the user ID and the authentication password is performed in step 2, while the process for checking authentication is performed in step 3.
[0052] Next, the gate keeper 303 calculates the degree of reliability of the user by referencing the above described user database with the result of the authentication checking (S2 of Fig. 7). In this case, the gate keeper 303 executes, for example, the program code shown in step 4 of Fig. 11.

[0053] If the electronic mail address of the user, which is the user ID, is registered in the user database and if the authentication password is legal, a high degree of reliability is provided to the user so that he or she can use many services.

[0054] If the user ID is not registered in the user database, this user is recognized to be an external user and a low degree of reliability is provided to the user. In this case, only services which do not require the authentication checking, such as the acceptance of electronic mail addressed to an in-house user, etc. are provided.

[0055] If the authentication password is illegal although the user ID is registered to the user database, this access is determined to be an attack and is rejected.
[0056] If the authentication checking is properly made, the gate keeper 303 secures the port (socket) for accepting the resource request issued from the user (permission/connection port), and activates a relay server for relaying resource associated information, which is communicated between the client machine 301 and the resource managing server 102, in correspondence with the secured port. Then, the gate keeper 303 notifies the client machine 301 of the above described permission/connection port (S3 of Fig. 7). In this case, the gate keeper 303 executes, for example, the program codes shown in steps 5 through 8 of Fig. 11. In step 5, it is determined whether or not the degree of reliability is higher than a threshold. In step 6, the number of the permission/connection port is dynamically secured. In step 7, the relay server using this port number is activated. In step 8, the above described port number is notified to the client machine 301 if the relay server is successfully activated.
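The gate keeper behaviour of [0051] through [0056] (steps 2 through 8 of Fig. 11), modelled as an added Python example; this is not the patent's Fig. 11 program. The user database, the reliability grades, the threshold and the pool of port numbers are constructed values, the decryption of the pass-phrase with the user's public key is assumed to have already happened, and the relay server activation of step 7 is reduced to handing out the secured port number.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Degrees of reliability graded in step 4 of Fig. 11 (constructed values).
HIGH_RELIABILITY = 10   # registered user ID with a legal authentication password ([0053])
LOW_RELIABILITY = 1     # unregistered user ID, i.e. an external user ([0054])

# Constructed user database of the authentication checking server 101:
# user ID (electronic mail address) -> registered authentication password (pass-phrase).
USER_DB = {
    "alice@example.test": "correct horse battery staple",
    "bob@example.test": "tr0ub4dor&3",
}

# Constructed pool of free port numbers standing in for the dynamic allocation of step 6.
FREE_PORTS = [40001, 40002, 40003]


@dataclass
class AuthResult:
    outcome: str                 # "in-house", "external" or "attack"
    reliability: int             # degree of reliability carried along with the resource request
    port: Optional[int] = None   # permission/connection port notified to the client in step 8


def calculate_reliability(user_id: str, password: str) -> AuthResult:
    """Steps 3 and 4 of Fig. 11: registration check, password check, reliability grading."""
    registered = USER_DB.get(user_id)
    if registered is None:
        # [0054]: unknown user ID -> external user with a low degree of reliability
        return AuthResult("external", LOW_RELIABILITY)
    # constant-time comparison so the check does not leak how many bytes matched
    if not hmac.compare_digest(registered.encode(), password.encode()):
        # [0055]: registered user ID but illegal password -> treated as an attack and rejected
        return AuthResult("attack", 0)
    # [0053]: registered user ID and legal password -> high degree of reliability
    return AuthResult("in-house", HIGH_RELIABILITY)


def secure_port() -> Optional[int]:
    """Step 6: dynamically secure a port number for accepting the resource request."""
    return FREE_PORTS.pop(0) if FREE_PORTS else None


def gate_keeper_check(user_id: str, password: str, threshold: int = 0) -> AuthResult:
    """One authentication checking request (S2 and S3 of Fig. 7).

    `threshold` is the value compared against in step 5; with the default of 0 an
    external user still obtains a port (for the read-only services of [0054]), while
    a higher threshold restricts the permission/connection port to in-house users.
    """
    result = calculate_reliability(user_id, password)
    if result.outcome == "attack":
        return result                         # rejected: no port, no relay server
    if result.reliability > threshold:        # step 5
        result.port = secure_port()           # steps 6 through 8
    return result


if __name__ == "__main__":
    print(gate_keeper_check("alice@example.test", "correct horse battery staple"))
    print(gate_keeper_check("alice@example.test", "wrong pass-phrase"))
    print(gate_keeper_check("mallory@example.test", "anything", threshold=5))
```

The three outcomes are kept distinct on purpose: an unregistered ID is a legitimate external user and is graded low, whereas a registered ID with a wrong pass-phrase is the case [0055] calls an attack, so it never reaches the port allocation even if the threshold is zero.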

[0057] When the permission/connection port is notified from the authentication checking server 101, the client application 302 executed by the client machine 301 assembles the resource request in a predetermined data format, extracts the secret key by receiving from the user the pass-phrase for extracting the secret key of the user, and encrypts the resource request with the secret key. Then, the client application 302 transmits the encrypted resource request by using the notified port (S4 of Fig. 7). In this case, the client application 302 executes, for example, the code shown in step 3 of Fig. 10.
[0058] The relay server, which is operated by the authentication checking server 101, decrypts the resource request received from the client machine 301 with the public key corresponding to the user who has transmitted the request, embeds in the decrypted resource request the degree of reliability, which is calculated for this user (S2 of Fig. 7), and transmits the resource request to the resource managing server 102 (S5 of Fig. 7).
[0059] The resource manager 304 (shown in Fig. 3), which is operated by the resource managing server 102, has the mechanism for providing an external user via an external network with the directory for searching for the individual server 103 which provides the in-house resource corresponding to the logical name of an in-house resource, and for determining the access right from the client machine 301 to the in-house resource.
[0060] More specifically, the resource managing server 102 parses the resource request, extracts the resource name and the degree of reliability of the user, and calculates the access right to the resource by using the extracted information, upon receipt of the resource request from the authentication checking server 101 (S6 of Fig. 7). The access right includes, for example, the right to perform a read/write operation for an in-house user, the right to perform only a read operation for an external user, the right to prohibit an access to a confidential resource for an external user, etc. In this case, the resource manager 304 executes, for example, the program codes shown in steps 1 through 3 of Fig. 12. In step 1, the process for receiving a resource request is performed. In step 2, a data set "p", which includes the resource name and the degree of reliability of a user, is extracted by performing the process for parsing the received resource request. In step 3, the process for calculating the access right to the data set "p" is performed.

[0061] Note that the determination of the access right may be made by the individual server 103.

[0062] Next, the resource managing server 102 searches for the individual server 103 which provides the network service corresponding to the parsed resource request, transmits the parsed resource request and the access right to the searched individual server 103, and requests the relay agent which is the above described mobile code for providing the requested in-house resource (S7 of Fig. 7). In this case, the resource manager 304 executes, for example, the program codes shown in steps 4 and 5 of Fig. 12. It is determined whether or not a permissible access right can be obtained in step 4, while the resource request, the access right, and the request of the relay agent are transmitted to the individual server 103 in step 5.
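The resource manager side of [0058] through [0062] (steps 1 through 5 of Fig. 12), as an added Python example rather than the patent's Fig. 12 program. The line format in which the relay server embeds the degree of reliability, the directory mapping logical resource names to individual servers, the "confidential" marking and the reliability grades are all constructed assumptions; the access-right policy is the one [0060] lists (read/write for an in-house user, read only for an external user, no access to a confidential resource for an external user).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Degrees of reliability as graded by the gate keeper (constructed values) and the
# grade from which a user is treated as an in-house user by the access-right policy.
HIGH_RELIABILITY = 10
LOW_RELIABILITY = 1
IN_HOUSE_GRADE = 5

# Constructed directory of the resource manager 304: logical resource name (a URL, [0037])
# -> the individual server 103 providing it and whether the resource is confidential.
DIRECTORY = {
    "http://intra.example.test/mail/inbox": {"server": "mail-server-103", "confidential": False},
    "http://intra.example.test/dev/app-data": {"server": "dev-server-103", "confidential": False},
    "http://intra.example.test/finance/forecast": {"server": "finance-server-103", "confidential": True},
}

ACCESS_NONE, ACCESS_READ, ACCESS_READ_WRITE = "none", "read", "read/write"


@dataclass(frozen=True)
class RequestDataSet:
    """The data set "p" extracted in step 2 of Fig. 12."""
    resource_name: str
    reliability: int


def relay_embed_reliability(resource_request: str, reliability: int) -> str:
    """[0058]: the relay server embeds the user's degree of reliability in the decrypted
    request. Constructed wire format: a 'GET <url>' line followed by 'reliability=<n>'."""
    return f"{resource_request}\nreliability={reliability}"


def parse_resource_request(raw: str) -> RequestDataSet:
    """Step 2 of Fig. 12: extract the resource name and the degree of reliability,
    rejecting anything that does not match the expected two-line format."""
    lines = [line.strip() for line in raw.strip().splitlines()]
    if len(lines) != 2 or not lines[0].startswith("GET ") or not lines[1].startswith("reliability="):
        raise ValueError("malformed resource request")
    resource_name = lines[0][len("GET "):].strip()
    reliability = int(lines[1][len("reliability="):])
    return RequestDataSet(resource_name, reliability)


def calculate_access_right(p: RequestDataSet) -> str:
    """Step 3 of Fig. 12 with the policy of [0060]. Unknown resources get no access,
    which keeps the directory the single place where reachable resources are named."""
    entry = DIRECTORY.get(p.resource_name)
    if entry is None:
        return ACCESS_NONE
    if p.reliability >= IN_HOUSE_GRADE:
        return ACCESS_READ_WRITE          # in-house user
    if entry["confidential"]:
        return ACCESS_NONE                # confidential resource, external user
    return ACCESS_READ                    # external user


def handle_resource_request(raw: str) -> Optional[Tuple[str, str, str]]:
    """Steps 1 through 5 of Fig. 12 (S6 and S7 of Fig. 7). Returns what would be sent to
    the individual server together with the request for the relay agent, i.e.
    (individual server, resource name, access right), or None when step 4 finds that
    no permissible access right can be obtained."""
    p = parse_resource_request(raw)                   # steps 1 and 2
    right = calculate_access_right(p)                 # step 3
    if right == ACCESS_NONE:                          # step 4
        return None
    server = DIRECTORY[p.resource_name]["server"]     # search for the individual server 103
    return server, p.resource_name, right             # step 5


if __name__ == "__main__":
    raw = relay_embed_reliability("GET http://intra.example.test/finance/forecast", LOW_RELIABILITY)
    print(handle_resource_request(raw))   # external user, confidential resource: no access
```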

[0063] The individual server 103, which has received the resource request, the access right, and the request of the relay agent from the resource managing server 102, generates the requested relay agent, and embeds in the generated relay agent the individual settings such as the access right received from the resource managing server, the client identification code, the expiry date of the program, etc. (S8 of Fig. 7). This relay agent is written as a mobile code, for example, in JAVA. The relay agent can move within in-house and external networks, and includes the in-house resource and the (method) for accessing the content.

[0064] The individual server 103 then returns the relay agent to the resource managing server 102 as shown in Fig. 4.

[0065] Upon receipt of the relay agent, the resource manager 304 operated by the resource managing server 102 returns the relay agent to the authentication checking server 101 (S10 of Fig. 7). In this case, the resource manager 304 executes, for example, the program code shown in step 6 of Fig. 12.

[0066] As shown in Fig. 4, the above described relay server operated by the authentication checking server 101 encrypts the relay agent with the registered public key of the user who has transmitted the resource request (the key represented within the authentication checking server 101 of Fig. 4), and returns the encrypted relay agent to the client machine 301 which has transmitted the resource request.

[0067] The client machine 301 which has received the encrypted relay agent extracts the secret key of the user with the pass-phrase that the user has transmitted to the authentication checking server 101 at the time of the authentication checking, decrypts the encrypted relay agent 401 with the secret key (the key represented within the client machine 301 of Fig. 4), and executes the program of the relay agent (S11 of Fig. 7). In this case, the client application 302 run by the client machine 301 executes, for example, the program codes shown in steps 4 through 6 of Fig. 10. In step 4, it is determined whether or not the relay agent 401 has been received. In step 5, the relay agent 401 is decrypted. In step 6, the decrypted relay agent 401 is executed.
[0068] Consequently, the in-house resource requested by the user is reproduced on the client machine 301. The user can access the in-house resource reproduced on the client machine 301 within the client machine 301 asynchronously to the individual server 103 included in the in-house network, as shown in Fig. 5.
[0069] The relay agent 401 executed by the client machine 301 rejects an access request which violates the access right by referencing the access right and the client identification code, which are embedded in the agent.

[0070] Provided next is the explanation about the case where a data rewrite request to an in-house resource occurs within the client machine 301, by referring to the schematic diagram explaining the operations shown in Fig. 6 and the sequences shown in Figs. 8 and 9. Fig. 8 shows the sequence used when there is almost no time difference between when an in-house resource is received by the client machine 301 and when a rewrite request is issued. Fig. 9 shows the sequence used when there is a time difference. The explanation will be provided by referring to both of Figs. 8 and 9.

[0071] If a rewrite request occurs within the client machine 301 (S1 of Fig. 8 or 9), the relay agent 401 executed by the client machine 301 checks the access right of the user who has issued the request according to the access right embedded in the agent.

[0072] If the access is permissible, the relay agent 401 issues an authentication checking request to the authentication checking server 101 (S3 of Fig. 8 or 9). The authentication checking request includes a user ID and an authentication password in a similar manner as in S1 of Fig. 7.

[0073] Upon receipt of the user ID and the authentication password from the client machine 301, the gate keeper 303 included in the authentication checking server 101 checks the amount of time elapsed from the previous authentication checking.

[0074] If the amount of elapsed time is equal to or smaller than a predetermined amount, and if the permission/connection port (refer to S3 of Fig. 7) for accepting the resource request from the user is still open, the gate keeper 303 notifies the client machine 301 of this permission/connection port (S5 of Fig. 8).
[0075] If the amount of elapsed time is longer than a predetermined amount, and if the permission/connection port for accepting the resource request is no longer open, the gate keeper 303 performs the authentication checking and the reliability degree calculation in a similar manner as in S2 of Fig. 7 (S4' of Fig. 9), and notifies the client machine 301 of the result and of the permission/connection port (S5' of Fig. 9).

[0076] When the permission/connection port is notified from the authentication checking server 101, the relay agent 401 executed by the client machine 301 assembles the rewrite request in a predetermined data format in a similar manner as in S4 of Fig. 7, extracts the secret key of the user with the pass-phrase that the user has transmitted to the authentication checking server 101 at the time of the authentication checking, and encrypts the rewrite request, including a new content to be written to the in-house resource, by using the secret key. Next, the relay agent 401 transmits the encrypted rewrite request by using the notified port (S6 of Fig. 8 or 9).

[0077] The relay server executed by the authentication checking server 101 decrypts the encrypted rewrite request received from the client machine 301 with the public key corresponding to the user who has transmitted the request, embeds in the decrypted rewrite request the degree of reliability which was previously calculated (in the case shown in Fig. 8) or is newly calculated (in the case shown in Fig. 9), and transmits the rewrite request to the resource managing server 102 (S7 of Fig. 8 or 9).
[0078] Upon receipt of the rewrite request from the authentication checking server 101, the resource manager 304 operated by the resource managing server 102 parses this request, extracts the resource name and the degree of reliability of the user, and calculates the access right to the resource by using the extracted information in a similar manner as in S6 of Fig. 7 (S8 of Fig. 8 or 9).

[0079] The resource managing server 102 searches for the individual server 103 which provides the network service corresponding to the parsed rewrite request, and transmits the parsed rewrite request and the access right to the searched individual server 103 (S9 of Fig. 8 or 9).

[0080] The individual server 103 which has received the rewrite request and the access right from the resource managing server 102 rewrites the content included in the rewrite request to the in-house resource based on the access right.

[0081] When the rewrite operation is successfully performed, the notification of the success of the rewrite operation is returned from the individual server 103 to the client machine 301, and the rewrite process is completed (S10 of Fig. 8 or 9).

[0082] The relay agent 401 executed by the client machine 301 automatically terminates its process if the amount of elapsed execution time exceeds the expiry date set within the relay agent 401 itself.
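The client-side controls of [0063], [0069], [0071] and [0082] together with the gate keeper's decision of [0074] and [0075] on a rewrite, modelled as an added Python example (not code from the patent's figures). The settings structure, the client identification code, the expiry and time values and the "predetermined amount" of elapsed time are constructed; the re-authentication branch is taken whenever the reuse condition of [0074] does not hold, which is the complement of that condition rather than a literal transcription of [0075].

```python
from dataclasses import dataclass

ACCESS_READ, ACCESS_READ_WRITE = "read", "read/write"
REAUTH_INTERVAL = 300.0   # constructed "predetermined amount" of elapsed time, in seconds


@dataclass(frozen=True)
class AgentSettings:
    """Individual settings the individual server 103 embeds in the relay agent ([0063])."""
    access_right: str        # "read" or "read/write", as calculated by the resource manager
    client_id_code: str      # client identification code bound to the requesting client
    expiry: float            # absolute time at which the agent must terminate itself ([0082])


class RelayAgent:
    """Model of the relay agent 401 executing on the client machine 301."""

    def __init__(self, settings: AgentSettings):
        self.settings = settings
        self.terminated = False

    def tick(self, now: float) -> bool:
        """[0082]: terminate once the expiry date set within the agent itself is reached.
        Returns True while the agent is still alive."""
        if now >= self.settings.expiry:
            self.terminated = True
        return not self.terminated

    def check_request(self, client_id_code: str, operation: str, now: float) -> bool:
        """[0069]/[0071]: reject a request that violates the embedded access right, comes
        from a client other than the one named by the embedded code, or arrives after
        expiry. Only "read" and "write" are known operations; anything else is rejected."""
        if not self.tick(now):
            return False
        if client_id_code != self.settings.client_id_code:
            return False
        if operation == "read":
            return True
        if operation == "write":
            return self.settings.access_right == ACCESS_READ_WRITE
        return False


def gate_keeper_rewrite_path(last_auth_time: float, port_open: bool, now: float) -> str:
    """[0074]/[0075]: on the authentication checking request that precedes a rewrite,
    reuse the still-open permission/connection port when the elapsed time is within the
    predetermined amount (sequence of Fig. 8); otherwise repeat the authentication
    checking and the reliability degree calculation (sequence of Fig. 9)."""
    if now - last_auth_time <= REAUTH_INTERVAL and port_open:
        return "reuse-port"          # S5 of Fig. 8
    return "re-authenticate"         # S4' and S5' of Fig. 9


if __name__ == "__main__":
    agent = RelayAgent(AgentSettings(ACCESS_READ, "client-301", expiry=1000.0))
    print(agent.check_request("client-301", "write", now=10.0))   # read-only agent: rejected
    print(gate_keeper_rewrite_path(last_auth_time=100.0, port_open=True, now=500.0))
```

The expiry check runs before every access decision rather than on a separate timer, so an agent that has outlived its expiry date cannot serve even a permitted read, and the client identification code is compared before the operation is examined, so a copied agent presented by another client is rejected regardless of the access right it carries.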

Claims

1. A network connection controlling method for interconnecting an external network and a local area network, comprising the steps of:

making authentication checking for a user within the external network when the user accesses the local area network;

receiving a resource request to access a resource within the local area network from the user based on a result of the authentication checking;

calculating an access right to the resource within the local area network, which is requested by the resource request, based on the resource request and the result of the authentication checking; and

accessing the resource based on the calculated access right.

50 

2. The method according to claim 1, further compris- 
ing the steps of: 

transmitting the accessed resource to a client 
device operated by the user as a mobile code 
including a program for accessing data includ- 9. 
ed in the resource; and 

accessing the data included in the resource by 



receiving and executing the mobile code. 

3. The method according to claim 2, further comprising the steps of: 

embedding an access control code which is based on the result of the authentication checking in the access program included in the mobile code; and 

controlling an access that the client device makes to the data included in the resource based on the access control code. 

4. The method according to claim 2 or 3, further comprising the steps of: 

embedding an expiry date control code in the mobile code; and 

controlling a time period during which the client device can execute the mobile code based on the expiry date control code. 

5. The method according to claim 2, 3, or 4, further comprising the steps of: 

including the mobile code as a relay agent which implements a communication between a resource reproduced on the client device when the mobile code is executed by the client device, and a resource of a distribution source which corresponds to the mobile code; and 

encrypting the communication between the resources. 

6. The method according to any preceding claim, further comprising the step of: 

communicating each of a plurality of types of resource requests based on a predetermined data format by using a single communications port. 

7. The method according to any of claims 2 to 5, further comprising the step of: 

issuing a rewrite request to a resource of a distribution source by using a degree of reliability of the user when the resource is updated by the client machine. 

8. A method for making an access from a client to a resource of an individual server, the client accessing the resource by receiving from the server the resource to be accessed as an encrypted mobile code including data within the resource and a program for accessing the data, and by executing the received mobile code. 

9. The method according to claim 6, comprising the steps of: 

arranging an authenticating server between an external client and the individual server; 

transmitting an ID and a password to the authenticating server; and 

receiving a port number corresponding to the individual server if authentication is successfully made, and requesting the mobile code by using the port number. 

10. A method for connecting a client and a server, comprising the steps of: 

making authentication checking upon receipt of an authentication request from the client; 

calculating a degree of reliability of a user; 

opening a port corresponding to an individual server in response to a resource request issued from the client; and 

notifying the client of the port number for transmitting a request to the individual server and then relaying a resource of the individual server as a mobile code composed of data included in the resource and a program for accessing the 

11. A method for connecting a client and an individual server, wherein: 

the individual server is managed by parsing a resource request upon receipt of the resource request from the client, calculating an access right corresponding to the individual server, transmitting the request to the individual server when a permitted access right is obtained, and returning a requested resource as a mobile code composed of resource data and an access program to the client. 

12. A network connection controlling system for interconnecting a client device within an external network and a resource providing server within a local area network, comprising: 

an authentication checking server device (101) for making authentication checking for a user of the client device within the external network when the user accesses the resource providing server device within the local area network; and 

a resource managing server device (102) for receiving a resource request to access a resource provided by said resource providing server device from the user based on a result of the authentication checking, for calculating an access right to the resource which is provided by said resource providing server device and is requested by the resource request based on the resource request and the result of the authentication checking, and for relaying the resource request and the access right to said resource providing server device. 

13. A computer-readable storage medium storing a program which directs a computer to perform a network connection controlling process for interconnecting an external network and a local area network, the process comprising the steps of: 

making authentication checking for a user within the external network when the user accesses the local area network; 

receiving from the user a resource request to access a resource within the local area network based on a result of the authentication checking; 

calculating an access right to the resource within the local area network, which is requested by the resource request, based on the resource request and the result of the authentication checking; and 

accessing the resource based on the calculated access right. 

14. A method for making an access from a client to a resource of an individual server, the client accessing the resource by receiving from the individual server the resource to be accessed as an encrypted mobile code including data within the resource and a program for accessing the data, and by executing the received mobile code. 